@payello-module/jwt 0.1.0

package/dist/index.esm.js

@@ -0,0 +1,84 @@
+import { HmacSha512, HmacSha256 } from '@payello-module/encryption';
+
+class JwtError extends Error {
+    type = "@payello/module-jwt#JwtError";
+    constructor(message, options) {
+        super(message, options);
+    }
+}
+
+class JWT {
+    static async sign(payload, options = { privKey: '', pubKey: '', algorithm: 'HS512' }) {
+        const _header = {
+            typ: 'JWT',
+            alg: options.algorithm
+        };
+        const _payload = {
+            jti: `jti_${Date.now().valueOf()}`,
+            iat: Math.floor(Date.now().valueOf() / 1000),
+            iss: options.pubKey,
+            ...payload
+        };
+        const _body = btoa(JSON.stringify(_header)) + "." + btoa(JSON.stringify(_payload));
+        let signature = "";
+        switch (options.algorithm) {
+            case 'HS256':
+                signature = await HmacSha256.encrypt(_body, options.privKey);
+                break;
+            case 'HS512':
+                signature = await HmacSha512.encrypt(_body, options.privKey);
+                break;
+        }
+        return _body + "." + signature;
+    }
+    static async extract(input, opts = {}) {
+        const bits = input.split(".");
+        if (bits.length !== 3) {
+            throw new JwtError(`Invalid number of parts in JWT string. Expected 3 but got ${bits.length}`);
+        }
+        const header = JSON.parse(bits[0]);
+        if (!header || !header.typ || header.typ !== "JWT") {
+            throw new JwtError("Header invalid or type is not JWT");
+        }
+        const payload = JSON.parse(bits[1]);
+        if (!payload || !payload.jti) {
+            throw new JwtError("Payload invalid or missing jti value");
+        }
+        const requiredProps = opts.requiredProps || ["jti", "iss", "iat"];
+        for (const prop in requiredProps) {
+            if (!payload[prop]) {
+                throw new JwtError(`Payload missing ${prop} value`);
+            }
+        }
+        return {
+            header: header,
+            payload: payload,
+            signature: bits[2]
+        };
+    }
+    static async verify(input, opts) {
+        const extracted = await this.extract(input);
+        const secretKey = await opts.getSecretKey(extracted.payload.jti);
+        if (!secretKey) {
+            throw new JwtError(`Public key not found`);
+        }
+        let verify = false;
+        const data = `${btoa(JSON.stringify(extracted.header))}.${btoa(JSON.stringify(extracted.payload))}`;
+        switch (extracted.header.alg) {
+            case 'HS256':
+                verify = await HmacSha256.verify(data, extracted.signature, secretKey);
+                break;
+            case 'HS512':
+                verify = await HmacSha512.verify(data, extracted.signature, secretKey);
+                break;
+            default:
+                throw new JwtError(`Unsupported algorithm`);
+        }
+        if (!verify) {
+            throw new JwtError(`Signature not verified`);
+        }
+        return verify;
+    }
+}
+
+export { JWT, JwtError };

package/dist/index.js

@@ -0,0 +1,87 @@
+'use strict';
+
+var encryption = require('@payello-module/encryption');
+
+class JwtError extends Error {
+    type = "@payello/module-jwt#JwtError";
+    constructor(message, options) {
+        super(message, options);
+    }
+}
+
+class JWT {
+    static async sign(payload, options = { privKey: '', pubKey: '', algorithm: 'HS512' }) {
+        const _header = {
+            typ: 'JWT',
+            alg: options.algorithm
+        };
+        const _payload = {
+            jti: `jti_${Date.now().valueOf()}`,
+            iat: Math.floor(Date.now().valueOf() / 1000),
+            iss: options.pubKey,
+            ...payload
+        };
+        const _body = btoa(JSON.stringify(_header)) + "." + btoa(JSON.stringify(_payload));
+        let signature = "";
+        switch (options.algorithm) {
+            case 'HS256':
+                signature = await encryption.HmacSha256.encrypt(_body, options.privKey);
+                break;
+            case 'HS512':
+                signature = await encryption.HmacSha512.encrypt(_body, options.privKey);
+                break;
+        }
+        return _body + "." + signature;
+    }
+    static async extract(input, opts = {}) {
+        const bits = input.split(".");
+        if (bits.length !== 3) {
+            throw new JwtError(`Invalid number of parts in JWT string. Expected 3 but got ${bits.length}`);
+        }
+        const header = JSON.parse(bits[0]);
+        if (!header || !header.typ || header.typ !== "JWT") {
+            throw new JwtError("Header invalid or type is not JWT");
+        }
+        const payload = JSON.parse(bits[1]);
+        if (!payload || !payload.jti) {
+            throw new JwtError("Payload invalid or missing jti value");
+        }
+        const requiredProps = opts.requiredProps || ["jti", "iss", "iat"];
+        for (const prop in requiredProps) {
+            if (!payload[prop]) {
+                throw new JwtError(`Payload missing ${prop} value`);
+            }
+        }
+        return {
+            header: header,
+            payload: payload,
+            signature: bits[2]
+        };
+    }
+    static async verify(input, opts) {
+        const extracted = await this.extract(input);
+        const secretKey = await opts.getSecretKey(extracted.payload.jti);
+        if (!secretKey) {
+            throw new JwtError(`Public key not found`);
+        }
+        let verify = false;
+        const data = `${btoa(JSON.stringify(extracted.header))}.${btoa(JSON.stringify(extracted.payload))}`;
+        switch (extracted.header.alg) {
+            case 'HS256':
+                verify = await encryption.HmacSha256.verify(data, extracted.signature, secretKey);
+                break;
+            case 'HS512':
+                verify = await encryption.HmacSha512.verify(data, extracted.signature, secretKey);
+                break;
+            default:
+                throw new JwtError(`Unsupported algorithm`);
+        }
+        if (!verify) {
+            throw new JwtError(`Signature not verified`);
+        }
+        return verify;
+    }
+}
+
+exports.JWT = JWT;
+exports.JwtError = JwtError;

package/dist/index.mjs

@@ -0,0 +1,85 @@
+import { HmacSha512, HmacSha256 } from '@payello-module/encryption';
+
+class JwtError extends Error {
+    type = "@payello/module-jwt#JwtError";
+    constructor(message, options) {
+        super(message, options);
+    }
+}
+
+class JWT {
+    static async sign(payload, options = { privKey: '', pubKey: '', algorithm: 'HS512' }) {
+        const _header = {
+            typ: 'JWT',
+            alg: options.algorithm
+        };
+        const _payload = {
+            jti: `jti_${Date.now().valueOf()}`,
+            iat: Math.floor(Date.now().valueOf() / 1000),
+            iss: options.pubKey,
+            ...payload
+        };
+        const _body = btoa(JSON.stringify(_header)) + "." + btoa(JSON.stringify(_payload));
+        let signature = "";
+        switch (options.algorithm) {
+            case 'HS256':
+                signature = await HmacSha256.encrypt(_body, options.privKey);
+                break;
+            case 'HS512':
+                signature = await HmacSha512.encrypt(_body, options.privKey);
+                break;
+        }
+        return _body + "." + signature;
+    }
+    static async extract(input, opts = {}) {
+        const bits = input.split(".");
+        if (bits.length !== 3) {
+            throw new JwtError(`Invalid number of parts in JWT string. Expected 3 but got ${bits.length}`);
+        }
+        const header = JSON.parse(bits[0]);
+        if (!header || !header.typ || header.typ !== "JWT") {
+            throw new JwtError("Header invalid or type is not JWT");
+        }
+        const payload = JSON.parse(bits[1]);
+        if (!payload || !payload.jti) {
+            throw new JwtError("Payload invalid or missing jti value");
+        }
+        const requiredProps = opts.requiredProps || ["jti", "iss", "iat"];
+        for (const prop in requiredProps) {
+            if (!payload[prop]) {
+                throw new JwtError(`Payload missing ${prop} value`);
+            }
+        }
+        return {
+            header: header,
+            payload: payload,
+            signature: bits[2]
+        };
+    }
+    static async verify(input, opts) {
+        const extracted = await this.extract(input);
+        const secretKey = await opts.getSecretKey(extracted.payload.jti);
+        if (!secretKey) {
+            throw new JwtError(`Public key not found`);
+        }
+        let verify = false;
+        const data = `${btoa(JSON.stringify(extracted.header))}.${btoa(JSON.stringify(extracted.payload))}`;
+        switch (extracted.header.alg) {
+            case 'HS256':
+                verify = await HmacSha256.verify(data, extracted.signature, secretKey);
+                break;
+            case 'HS512':
+                verify = await HmacSha512.verify(data, extracted.signature, secretKey);
+                break;
+            default:
+                throw new JwtError(`Unsupported algorithm`);
+        }
+        if (!verify) {
+            throw new JwtError(`Signature not verified`);
+        }
+        return verify;
+    }
+}
+
+export { JWT, JwtError };
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":["../src/JwtError.ts","../src/JWT.ts"],"sourcesContent":["\r\n\r\nexport class JwtError extends Error {\r\n    type: \"@payello/module-jwt#JwtError\" = \"@payello/module-jwt#JwtError\";\r\n\r\n    constructor(message: string, options?: ErrorOptions) {\r\n        super(message, options)\r\n    }\r\n}\r\n","import { HmacSha256, HmacSha512 } from \"@payello-module/encryption\"\r\nimport { JwtHeader } from \"./JwtHeader\"\r\nimport { JwtSignOpts } from \"./JwtSignOpts\"\r\nimport { JwtError } from \"./JwtError\"\r\nimport { JwtExtract } from \"./JwtExtract\"\r\nimport { JwtExtractOpts } from \"./JwtExtractOpts\"\r\n\r\nexport class JWT {\r\n    public static async sign(payload: any, options: JwtSignOpts  = { privKey: '', pubKey: '', algorithm: 'HS512' }): Promise<string> {\r\n        const _header: JwtHeader = {\r\n            typ: 'JWT',\r\n            alg: options.algorithm\r\n        }\r\n\r\n        const _payload = {\r\n            jti: `jti_${Date.now().valueOf()}`,\r\n            iat: Math.floor(Date.now().valueOf() / 1000),\r\n            iss: options.pubKey,\r\n            ...payload\r\n        }\r\n\r\n        const _body = btoa(JSON.stringify(_header)) + \".\" + btoa(JSON.stringify(_payload))\r\n\r\n        let signature = \"\"\r\n        switch (options.algorithm) {\r\n            case 'HS256':\r\n                signature = await HmacSha256.encrypt(_body, options.privKey)\r\n                break\r\n\r\n            case 'HS512':\r\n                signature = await HmacSha512.encrypt(_body, options.privKey)\r\n                break\r\n        }\r\n\r\n        return _body + \".\" + signature\r\n    }\r\n\r\n    public static async extract(input: string, opts: JwtExtractOpts = {}): Promise<JwtExtract> {\r\n        const bits: string[] = input.split(\".\")\r\n        if(bits.length !== 3) {\r\n            throw new JwtError(`Invalid number of parts in JWT string. Expected 3 but got ${bits.length}`)\r\n        }\r\n\r\n        const header = JSON.parse(bits[0])\r\n\r\n        if(!header || !header.typ || header.typ !== \"JWT\") {\r\n            throw new JwtError(\"Header invalid or type is not JWT\")\r\n        }\r\n\r\n        const payload = JSON.parse(bits[1])\r\n        if(!payload || !payload.jti) {\r\n            throw new JwtError(\"Payload invalid or missing jti value\")\r\n        }\r\n\r\n        const requiredProps = opts.requiredProps || [\"jti\", \"iss\", \"iat\"];\r\n        for(const prop in requiredProps) {\r\n            if(!payload[prop]) {\r\n                throw new JwtError(`Payload missing ${prop} value`)\r\n            }\r\n        }\r\n\r\n        return {\r\n            header: header,\r\n            payload: payload,\r\n            signature: bits[2]\r\n        }\r\n    }\r\n\r\n    static async verify(input: string, opts: { getSecretKey(issuer: string): Promise<string> }) {\r\n        const extracted = await this.extract(input);\r\n        const secretKey = await opts.getSecretKey(extracted.payload.jti);\r\n\r\n        if(!secretKey) {\r\n            throw new JwtError(`Public key not found`)\r\n        }\r\n\r\n        let verify = false\r\n        const data = `${btoa(JSON.stringify(extracted.header))}.${btoa(JSON.stringify(extracted.payload))}`\r\n\r\n        switch(extracted.header.alg) {\r\n            case 'HS256':\r\n                verify = await HmacSha256.verify(data, extracted.signature, secretKey)\r\n                break;\r\n\r\n            case 'HS512':\r\n                verify = await HmacSha512.verify(data, extracted.signature, secretKey)\r\n                break;\r\n\r\n            default:\r\n                throw new JwtError(`Unsupported algorithm`)\r\n        }\r\n\r\n        if(!verify) {\r\n            throw new JwtError(`Signature not verified`)\r\n        }\r\n\r\n        return verify\r\n    }\r\n}\r\n\r\n"],"names":[],"mappings":";;AAEM,MAAO,QAAS,SAAQ,KAAK,CAAA;IAC/B,IAAI,GAAmC,8BAA8B,CAAC;IAEtE,WAAY,CAAA,OAAe,EAAE,OAAsB,EAAA;AAC/C,QAAA,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;KAC1B;AACJ;;MCDY,GAAG,CAAA;IACL,aAAa,IAAI,CAAC,OAAY,EAAE,UAAwB,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,EAAA;AAC1G,QAAA,MAAM,OAAO,GAAc;AACvB,YAAA,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,OAAO,CAAC,SAAS;SACzB,CAAA;AAED,QAAA,MAAM,QAAQ,GAAG;YACb,GAAG,EAAE,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAE,CAAA;AAClC,YAAA,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAC5C,GAAG,EAAE,OAAO,CAAC,MAAM;AACnB,YAAA,GAAG,OAAO;SACb,CAAA;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAA;QAElF,IAAI,SAAS,GAAG,EAAE,CAAA;QAClB,QAAQ,OAAO,CAAC,SAAS;AACrB,YAAA,KAAK,OAAO;AACR,gBAAA,SAAS,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;gBAC5D,MAAK;AAET,YAAA,KAAK,OAAO;AACR,gBAAA,SAAS,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;gBAC5D,MAAK;AACZ,SAAA;AAED,QAAA,OAAO,KAAK,GAAG,GAAG,GAAG,SAAS,CAAA;KACjC;IAEM,aAAa,OAAO,CAAC,KAAa,EAAE,OAAuB,EAAE,EAAA;QAChE,MAAM,IAAI,GAAa,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;AACvC,QAAA,IAAG,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE;YAClB,MAAM,IAAI,QAAQ,CAAC,CAAA,0DAAA,EAA6D,IAAI,CAAC,MAAM,CAAE,CAAA,CAAC,CAAA;AACjG,SAAA;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;AAElC,QAAA,IAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE;AAC/C,YAAA,MAAM,IAAI,QAAQ,CAAC,mCAAmC,CAAC,CAAA;AAC1D,SAAA;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;AACnC,QAAA,IAAG,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE;AACzB,YAAA,MAAM,IAAI,QAAQ,CAAC,sCAAsC,CAAC,CAAA;AAC7D,SAAA;AAED,QAAA,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAClE,QAAA,KAAI,MAAM,IAAI,IAAI,aAAa,EAAE;AAC7B,YAAA,IAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;AACf,gBAAA,MAAM,IAAI,QAAQ,CAAC,mBAAmB,IAAI,CAAA,MAAA,CAAQ,CAAC,CAAA;AACtD,aAAA;AACJ,SAAA;QAED,OAAO;AACH,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,OAAO,EAAE,OAAO;AAChB,YAAA,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC;SACrB,CAAA;KACJ;AAED,IAAA,aAAa,MAAM,CAAC,KAAa,EAAE,IAAuD,EAAA;QACtF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC5C,QAAA,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAEjE,IAAG,CAAC,SAAS,EAAE;AACX,YAAA,MAAM,IAAI,QAAQ,CAAC,CAAA,oBAAA,CAAsB,CAAC,CAAA;AAC7C,SAAA;QAED,IAAI,MAAM,GAAG,KAAK,CAAA;QAClB,MAAM,IAAI,GAAG,CAAA,EAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAA,CAAA,EAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA,CAAE,CAAA;AAEnG,QAAA,QAAO,SAAS,CAAC,MAAM,CAAC,GAAG;AACvB,YAAA,KAAK,OAAO;AACR,gBAAA,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;gBACtE,MAAM;AAEV,YAAA,KAAK,OAAO;AACR,gBAAA,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;gBACtE,MAAM;AAEV,YAAA;AACI,gBAAA,MAAM,IAAI,QAAQ,CAAC,CAAA,qBAAA,CAAuB,CAAC,CAAA;AAClD,SAAA;QAED,IAAG,CAAC,MAAM,EAAE;AACR,YAAA,MAAM,IAAI,QAAQ,CAAC,CAAA,sBAAA,CAAwB,CAAC,CAAA;AAC/C,SAAA;AAED,QAAA,OAAO,MAAM,CAAA;KAChB;AACJ;;;;"}

package/dist/types/JWT.d.ts

@@ -0,0 +1,10 @@
+import { JwtSignOpts } from "./JwtSignOpts";
+import { JwtExtract } from "./JwtExtract";
+import { JwtExtractOpts } from "./JwtExtractOpts";
+export declare class JWT {
+    static sign(payload: any, options?: JwtSignOpts): Promise<string>;
+    static extract(input: string, opts?: JwtExtractOpts): Promise<JwtExtract>;
+    static verify(input: string, opts: {
+        getSecretKey(issuer: string): Promise<string>;
+    }): Promise<true>;
+}

package/dist/types/JwtError.d.ts

@@ -0,0 +1,4 @@
+export declare class JwtError extends Error {
+    type: "@payello/module-jwt#JwtError";
+    constructor(message: string, options?: ErrorOptions);
+}

package/dist/types/JwtExtract.d.ts

@@ -0,0 +1,6 @@
+import { JwtHeader } from "./JwtHeader";
+export interface JwtExtract {
+    header: JwtHeader;
+    payload: any;
+    signature: string;
+}

package/dist/types/JwtExtractOpts.d.ts

@@ -0,0 +1,3 @@
+export interface JwtExtractOpts {
+    requiredProps?: string[];
+}

package/dist/types/JwtHeader.d.ts

@@ -0,0 +1,4 @@
+export interface JwtHeader {
+    typ: 'JWT';
+    alg: 'HS256' | 'HS512';
+}

package/dist/types/JwtSignOpts.d.ts

@@ -0,0 +1,5 @@
+export interface JwtSignOpts {
+    privKey: string;
+    pubKey: string;
+    algorithm: "HS256" | "HS512";
+}

package/dist/types/example.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/types/index.d.ts

@@ -0,0 +1,7 @@
+export * from './JWT';
+export * from './JwtError';
+export * from './JwtExtract';
+export * from './JwtExtractOpts';
+export * from './JwtHeader';
+export * from './JwtSignOpts';
+export * from './example';

package/package.json

@@ -0,0 +1,41 @@
+{
+    "name": "@payello-module/jwt",
+    "description": "JSON Web Token Module",
+    "author": "Payello (https://payello.com/)",
+    "version": "0.1.0",
+    "license": "UNLICENSED",
+    "type": "module",
+    "exports": {
+        ".": {
+            "import": "./dist/index.js"
+        }
+    },
+    "typesVersions": {
+        "*": {
+            "*": [
+                "./dist/*"
+            ]
+        }
+    },
+    "files": [
+        "dist/*"
+    ],
+    "devDependencies": {
+        "@rollup/plugin-commonjs": "^25.0.7",
+        "create-ts-index": "^1.14.0",
+        "rollup": "^4.1.4",
+        "rollup-plugin-delete": "^2.0.0",
+        "rollup-plugin-typescript2": "^0.36.0",
+        "tslib": "^2.6.2",
+        "typescript": "^5.2.2"
+    },
+    "scripts": {
+        "build": "cti create ./src -b -w & rollup -c",
+        "patch": "npm update & npm version patch -f & npm run build & npm publish -access=public",
+        "minor": "npm update & npm version minor -f & npm run build & npm publish -access=public",
+        "major": "npm update & npm version major -f & npm run build & npm publish -access=public"
+    },
+    "dependencies": {
+        "@payello-module/encryption": "^0.1.1"
+    }
+}

package/readme.md

@@ -0,0 +1,28 @@
+# JWT Module
+JWT Module is used to generate JSON Web Tokens.
+
+## Usage
+First install the module to your project.
+```
+npm i @payello-module/jwt
+```
+
+Then you can use the JWT Module as below:
+```ts
+import { JWT } from "@payello-module/jwt";
+
+const payload = {
+    exp: Math.floor(Date.now().valueOf() / 1000) + 300 // Expire in 300 seconds
+};
+
+const opts = {
+    privKey: "79c4e267e63845a986e669388fce66e9", // Secret Key
+    pubKey: "f266a28e-5e9a-4fe3-90a8-2e8b2ef0f62d", // Issuer ID
+    algorithm: "HS256" // Possible values: HS256 or HS512
+};
+
+const jwt = await JWT.sign(payload, opts);
+
+console.log(jwt);
+
+```